CVE-2023-3935

EPSS 0.22%
Published 13.09.2023 14:15:09
Last modified 21.11.2024 08:18:21
Source info@cert.vde.com
Teams watchlist Login
Open Login

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Wibu ≫ Codemeter Runtime Version < 7.60c

Trumpf ≫ Oseon Version >= 1.0.0 <= 3.0.22

Trumpf ≫ Programmingtube Version >= 1.0.1 <= 4.6.3

Trumpf ≫ Teczonebend Version >= 18.02.r8 <= 23.06.01

Trumpf ≫ Tops Unfold Version05.03.00.00

Trumpf ≫ Topscalculation Version >= 14.00 <= 22.00.00

Trumpf ≫ Trumpflicenseexpert Version >= 1.5.2 <= 1.11.1

Trumpf ≫ Trutops Version >= 08.00 <= 12.01.00.00

Trumpf ≫ Trutops Cell Classic Version <= 09.09.02

Trumpf ≫ Trutops Cell Sw48 Version >= 01.00 <= 02.26.0

Trumpf ≫ Trutops Mark 3d Version >= 01.00 <= 06.01

Trumpf ≫ Trutopsboost Version >= 06.00.23.00 <= 16.0.22

Trumpf ≫ Trutopsfab Version >= 15.00.23.00 <= 22.8.25

Trumpf ≫ Trutopsfab Storage Smallstore Version >= 14.06.20 <= 20.04.20.00

Trumpf ≫ Trutopsprint Version >= 00.06.00 <= 01.00

Trumpf ≫ Trutopsprintmultilaserassistant Version >= 01.02

Trumpf ≫ Trutopsweld Version >= 7.0.198.241 <= 9.0.28148.1

Trumpf ≫ Tubedesign Version >= 08.00 <= 14.06.150

Phoenixcontact ≫ Activation Wizard SwPlatformmoryx Version <= 1.6

Phoenixcontact ≫ E-mobility Charging Suite Version <= 1.7.0

Phoenixcontact ≫ Fl Network Manager Version <= 7.0

Phoenixcontact ≫ Iol-conf Version <= 1.7.0

Phoenixcontact ≫ Module Type Package Designer Version < 1.2.0

Phoenixcontact ≫ Module Type Package Designer Version1.2.0 Updatebeta

Phoenixcontact ≫ Plcnext Engineer Version <= 2023.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.445

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf

Vendor Advisory

https://cert.vde.com/en/advisories/VDE-2023-030/

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2023-031/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3935

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3935

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3935

EUVD